πŸ” CVE Alert

CVE-2026-20240

HIGH 7.1

Denial of Service through coldToFrozen.sh Script in Splunk Enterprise

CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the β€˜admin’ or β€˜power’ Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.<br><br>The Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories.

CWE CWE-20
Vendor splunk
Product splunk enterprise
Published May 20, 2026
Stay Ahead of the Next One

Get instant alerts for splunk splunk enterprise

Be the first to know when new high vulnerabilities affecting splunk splunk enterprise are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Splunk / Splunk Enterprise
10.2 < 10.2.2 10.0 < 10.0.5 9.4 < 9.4.11 9.3 < 9.3.12
Splunk / Splunk Cloud Platform
10.4.2603 < 10.4.2603.1 10.3.2512 < 10.3.2512.9 10.2.2510 < 10.2.2510.11 10.1.2507 < 10.1.2507.21 10.0.2503 < 10.0.2503.13 9.3.2411 < 9.3.2411.129

References

NVD β†— CVE.org β†— EPSS Data β†—
advisory.splunk.com: https://advisory.splunk.com/advisories/SVD-2026-0504

Credits

Alex Hordijk (hordalex)